.\" Copyright (c) 2014 Theo de Raadt
.\" Copyright (c) 2015 Apple Inc. All rights reserved.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd October 2 2015
.Dt GETENTROPY 2
.Os
.Sh NAME
.Nm getentropy
.Nd get entropy
.Sh SYNOPSIS
.In sys/random.h
.Ft int
.Fn getentropy "void *buf" "size_t buflen"
.Sh DESCRIPTION
.Fn getentropy
fills a buffer with random data, which can be used
as input for process-context pseudorandom generators like
.Xr arc4random 3 .
.Pp
The maximum buffer size permitted is 256 bytes.
If
.Fa buflen
exceeds this, an error of
.Er EIO
will be indicated.
.Pp
.Fn getentropy
should be used as a replacement for
.Xr random 4
when random data derived directly from the kernel random byte generator is required.
Unlike the
.Xr random 4
pseudo-devices, it is not vulnerable to file descriptor exhaustion attacks
and is available when sandboxed or in a chroot, making it more reliable for security-critical applications.
.Pp
However, it should be noted that
.Fn getentropy
is primarily intended for use in the construction and seeding of userspace PRNGs like
.Xr arc4random 3
or
.Xr CC_crypto 3 .
Clients who simply require random data should use
.Xr arc4random 3 ,
.Fn CCRandomGenerateBytes
from
.Xr CC_crypto 3 ,
or
.Fn SecRandomCopyBytes
from the Security framework instead of
.Fn getentropy
or
.Xr random 4
.Sh RETURN VALUES
.Rv -std
.Sh ERRORS
.Fn getentropy
will succeed unless:
.Bl -tag -width Er
.It Bq Er EINVAL
The
.Fa buf
parameter points to an
invalid address.
.It Bq Er EIO
Too many bytes requested, or some other fatal error occurred.
.El
.Sh SEE ALSO
.Xr arc4random 3
.Xr CC_crypto 3
.Xr random 4
.Sh HISTORY
The
.Fn getentropy
function appeared in
OSX 10.12
